Today in Spokane Washington Federal Court, the US Government unsealed indictments against two Chinese citizens for numerous charges related to hacking, gaining illegal access to systems, wire fraud, identity theft, and theft of trade secrets. This ongoing attack against the…
This month marks another birthday for Milton Security. While we’ve come across many black cats and can’t count the number of times we’ve debated walking under or around the ladder, this is one we couldn’t avoid. We’re turning 13. As…
History as we know it, is recorded; somewhere by someone or something. We learn from these historical documents. They are entered as evidence in legal proceedings. We use these documents and pictures as a means of learning and education, to…
Of course when Jim was writing his last blog post, the embargo was ending on two major vulnerabilities within a range of CPU processors (aka Spectre & Meltdown). With Spectre & Meltdown, we are looking at a vulnerability that is…
First, this is not one of those far reaching blog posts full of marketing speak, fear, uncertainty or doubt to get you to buy blinky lights. My personal goals for 2018 include, writing, sharing, and helping others more often. This…
A vulnerability was found by James Forshaw of Google Project Zero in January that exploits a bug in Windows COM Aggregate Marshaler that an attacker can use to elevate privileges. It gave Microsoft 90 days to patch, which they have with last…
It is 2017, and gaining unauthorized access to systems is getting easier and easier. Seems a Biker Gang gained access to a key database for Jeep vehicles. Using this database they were able to look up VIN’s for 150 Jeep…
Much like the EternalBlue exploit that was released in April 2017 after being stolen from the NSA, Samba was discovered to have a remote code execution vulnerability as well. Dubbed ‘EternalRed’ by industry-types, this vulnerability dates as far as 2010. So even…
In Early April, an advisory was released forCVE-2017-0199, the vulnerability exists in the way that Microsoft Office and WordPad parse specially crafted files.Patches that were released included mitigation for Office 2007/2010/2013/2016 and Wordpad for Windows versions Vista It’s related to…
A few weeks ago ShadowBrokers released a dump of NSA/EquationGroup tools used to exploit various machines that they previously tried to auction off unsuccessfully. One of the exploits was for Windows SMB RCE which allowed an unauthenticated attacker to gain System-level privileges…